@dexterai/vault 0.4.2 → 0.6.0

package/README.md

@@ -21,11 +21,53 @@
 
 ---
 
-## What is `@dexterai/vault`?
+<!-- GTM-DRAFT: product framing/wording pending GTM agent review before publish -->
 
-The `dexter-vault` Solana program is a non-custodial passkey-rooted vault: WebAuthn signs every spend, a programmatic Swig role makes the unruggable streaming channel possible, and the entire spend path goes through the vault program — no master key, no escrow, no trust.
+## Open a tab for your agent
 
-This package is the TypeScript that talks to it. Every byte the on-chain program checks — instruction discriminators, the 180-byte session-registration message, the 128-byte revocation message, the 44-byte voucher payload, the vault account layout — lives here, in exactly one file each. Three repos used to hand-roll these primitives and one of them missed a role; that bug is now structurally impossible.
+You open a tab with a hard limit. Your agent spends against it, charge by charge, with no signature prompt per charge. When the work is done you settle and the tab closes. The spending limit is enforced by the Solana program at consensus, not by this SDK and not by Dexter. The SDK never holds a key that can overspend it, and you can verify the cap on-chain yourself.
+
+```ts
+import { openTab, settleTab, readTabMeter } from '@dexterai/vault/tab';
+
+// arm a tab with a chain-enforced cap
+const open = await openTab({ vaultPda, amount: 5_000_000n, dexterAuthority });
+
+// settle a streamed micro-charge (composes precompile + settle + transfer)
+const settle = await settleTab({
+  connection, vaultPda, swigAddress, channelId,
+  cumulativeAmount, sequenceNumber, sessionSigner, sellerAta, feePayer, dexterAuthority,
+});
+
+// read remaining headroom (the chain is the real guard)
+const meter = await readTabMeter(connection, vaultPda);
+```
+
+That is the whole product loop: `openTab` arms a capped tab, `settleTab` records each streamed charge against it, `readTabMeter` reports the headroom left. The buyer's USDC never leaves their wallet while the tab runs; the program gates their exit until the tab settles. The closest familiar shape is an auth-and-capture credit-card hold, except the hold is enforced on-chain instead of by a processor.
+
+A tab can also spend **past** the user's balance, backed by a financier's standby capital: non-custodial, and structured so the buyer cannot rug the financier and the financier cannot seize more than the agreed bound. Every guard in that path is proven on Solana mainnet, including a real draw, a real repayment, a real default-and-seize, and every anti-rug rejection. Same import, three more verbs:
+
+```ts
+import { drawCredit, repayCredit, seizeCollateral } from '@dexterai/vault/tab';
+```
+
+Credit is not a separate product bolted onto a tab. It is a tab that can spend past its balance. That is why it lives in the same import.
+
+> **Two sides.** This package is the buyer side. The seller side (verify vouchers, meter consumption, accept payment in about ten lines) lives in `@dexterai/x402`. Together they cover both halves of agent payments on Solana.
+
+Every `./tab` verb returns `TransactionInstruction[]`, so you own signing, fees, and sending.
+
+---
+
+## Under the hood: the primitives
+
+If the four `./tab` verbs are all you need, you can stop reading here. The rest of this package is the low-level surface those verbs are built from, exposed for the servers that assemble their own transactions.
+
+The `dexter-vault` Solana program is a non-custodial passkey-rooted vault: WebAuthn signs every spend, a programmatic Swig role makes the unruggable streaming channel possible, and the entire spend path goes through the vault program, with no master key, no escrow, and no trust.
+
+This package is the TypeScript that talks to it. Every byte the on-chain program checks lives here, in exactly one file each: instruction discriminators, the 188-byte V2 session-registration message, the 128-byte revocation message, the 44-byte voucher payload, and the vault account layout. Three repos used to hand-roll these primitives and one of them missed a role; that bug is now structurally impossible.
+
+The `./tab` verbs above compose these primitives. The tiers stack on top of the same building blocks: the streaming tab (`settle_tab_voucher`), the credit tab (`draw_credit` / `repay_credit` / `seize_collateral`), the LockedClaim crystallized tier (`@dexterai/vault/instructions`), and factoring / instant payout (`@dexterai/vault/factoring`).
 
 If you are about to hand-roll a vault instruction builder, a precompile message, a Swig role list, or a vault account decoder, **stop and import from here instead**.
 
@@ -37,7 +79,7 @@ If you are about to hand-roll a vault instruction builder, a precompile message,
 npm install @dexterai/vault
 ```
 
-Compatible with `dexter-vault` program version 2 (12 Anchor discriminators including `prove_passkey`, `settle_tab_voucher`, and the session-key register/revoke pair).
+Targets the `dexter-vault` V5 program (21 Anchor discriminators including `prove_passkey`, `settle_tab_voucher`, the session-key register/revoke pair, the LockedClaim set, and the credit set `open_standby` / `draw_credit` / `repay_credit` / `seize_collateral`).
 
 ---
 
@@ -63,7 +105,7 @@ const bundle = await buildSwigCreationBundle({
 const tx = new Transaction().add(...bundle.instructions);
 ```
 
-The 4-role design — role 0 bootstrap, role 1 `ProgramExec(finalize_withdrawal)`, role 2 session master, role 3 `ProgramExec(settle_tab_voucher)` — lives in exactly one function. Tests in this repo lock the role list against the on-chain Anchor discriminators.
+The 4-role design (role 0 bootstrap, role 1 `ProgramExec(finalize_withdrawal)`, role 2 session master, role 3 `ProgramExec(settle_tab_voucher)`) lives in exactly one function. Tests in this repo lock the role list against the on-chain Anchor discriminators.
 
 ### Settle a Tab voucher on chain (facilitator-side)
 
@@ -141,14 +183,18 @@ Each subpath is a tree-shakeable entry point. Pull only what you need.
 |---|---|
 | `@dexterai/vault` | Re-exports `types` + `counterfactual` for convenience |
 | `@dexterai/vault/types` | `VaultState`, `VaultStateFull`, `ActiveSession`, `PendingWithdrawal`, `SessionKey`, `SessionScope`, `SignedVoucher`, `VoucherPayload`, `AtomicAmount`, `HumanAmount`, `TabNetworkId` |
-| `@dexterai/vault/constants` | `DEXTER_VAULT_PROGRAM_ID`, `SWIG_PROGRAM_ID`, `USDC_MAINNET`/`USDC_DEVNET`, all 12 `DISCRIMINATORS`, `OTS_SESSION_REGISTER_V1_DOMAIN`, `OTS_SESSION_REVOKE_V1_DOMAIN` |
+| `@dexterai/vault/constants` | `DEXTER_VAULT_PROGRAM_ID`, `SWIG_PROGRAM_ID`, `USDC_MAINNET`/`USDC_DEVNET`, all 21 `DISCRIMINATORS`, `LOCKED_CLAIM_SEED`, `OTS_SESSION_REGISTER_V1_DOMAIN`, `OTS_SESSION_REGISTER_V2_DOMAIN`, `OTS_SESSION_REVOKE_V1_DOMAIN` |
 | `@dexterai/vault/instructions` | Every builder: `buildInitializeVaultInstruction`, `buildSetSwigInstruction`, `buildRegisterSessionKeyInstruction`, `buildRevokeSessionKeyInstruction`, `buildSettleVoucherInstruction`, `buildSettleTabVoucherInstruction`, `buildRequestWithdrawalInstruction`, `buildFinalizeWithdrawalInstruction`, `buildForceReleaseInstruction`, `buildRotatePasskeyInstruction`, `buildRotateDexterAuthorityInstruction`, `buildProvePasskeyInstruction`, and the canonical `buildSwigCreationBundle` + `expectedSwigAddressFor` + `verifySwigIsOurs` |
-| `@dexterai/vault/messages` | `sessionRegisterMessage` (180 bytes), `sessionRevokeMessage` (128 bytes), `voucherPayloadMessage` / `buildVoucherMessage` (44 bytes), `buildSetSwigOperationMessage` |
+| `@dexterai/vault/messages` | `sessionRegisterMessage` (188 bytes, V2), `sessionRevokeMessage` (128 bytes), `voucherPayloadMessage` / `buildVoucherMessage` (44 bytes), `buildSetSwigOperationMessage` |
 | `@dexterai/vault/reader` | `readVaultOnchain` (slim), `readVaultFull` (with active session) |
 | `@dexterai/vault/precompile` | `buildSecp256r1VerifyInstruction`, `buildPrecompileMessage`, `buildEd25519VerifyInstruction` |
 | `@dexterai/vault/counterfactual` | `deriveCounterfactualAddresses` |
 | `@dexterai/vault/signers` | `Ed25519Signer`, `PasskeySigner` interfaces |
 | `@dexterai/vault/signers/node` | `NodeEd25519Signer` (tweetnacl-backed) |
+| `@dexterai/vault/signers/browser` | `WebAuthnAssertion` (pure-browser P-256 passkey ceremony, shipped 0.2.0), `derSignatureToCompactLowS` |
+| `@dexterai/vault/tab` | Product layer: `openTab`, `settleTab`, `readTabMeter`, `drawCredit`, `repayCredit`, `seizeCollateral`, `defaultAssembleSignV2` |
+| `@dexterai/vault/factoring` | `computeFactoringSplit`, `buildInstantPayoutInstructions` (settle a LockedClaim and split the payout) |
+| `@dexterai/vault/kit` | `kitInstructionsToWeb3`, `getRpc` (Swig-kit↔web3 bridge) |
 
 ---
 
@@ -156,7 +202,7 @@ Each subpath is a tree-shakeable entry point. Pull only what you need.
 
 Three places used to hand-roll the same protocol: `dexter-api/src/vault/`, `dexter-facilitator/src/vault/`, and `dexter-vault/tests/`. One of them added role 3 (`ProgramExec` for `settle_tab_voucher`); two didn't. The end-to-end Tab settle smoke kept failing with `Role not found for ID: 3` and it ate hours of debugging on 2026-06-02 before anyone noticed the drift.
 
-This package is the structural fix. The canonical 4-role Swig provisioner, every instruction builder, every byte-precise message encoder, the vault account decoder, the precompile helpers — they live in exactly one file each. Consumers (`dexter-api`, `dexter-facilitator`, `dexter-vault` tests, `@dexterai/x402/tab`) import from here. The drift bug class is gone.
+This package is the structural fix. The canonical 4-role Swig provisioner, every instruction builder, every byte-precise message encoder, the vault account decoder, and the precompile helpers each live in exactly one file. Consumers (`dexter-api`, `dexter-facilitator`, `dexter-vault` tests, `@dexterai/x402/tab`) import from here. The drift bug class is gone.
 
 ---
 
@@ -164,10 +210,10 @@ This package is the structural fix. The canonical 4-role Swig provisioner, every
 
 `tests/byte-parity.test.ts`, `tests/precompile.test.ts`, `tests/swigBundle.test.ts`, `tests/counterfactual.test.ts`, and `tests/reader.test.ts` together snapshot:
 
-- All **12 instruction discriminators** (10 vault + 2 session-key) as exact byte arrays.
-- All **3 message layouts** — 180-byte session registration, 128-byte revocation, 44-byte voucher payload — byte-by-byte.
-- Both **precompile builders** — secp256r1 (SIMD-0075) and Ed25519 — including the 14-byte offsets table.
-- The **vault account decoder** for every Anchor v2 layout combination (with/without pending withdrawal, with/without active session).
+- All **21 instruction discriminators**, derived from `sha256("global:<name>")` and checked against the pinned bytes, covering the vault core, the session-key pair, the LockedClaim set, and the credit set.
+- All **3 message layouts**, byte-by-byte: 188-byte V2 session registration, 128-byte revocation, 44-byte voucher payload.
+- Both **precompile builders**, secp256r1 (SIMD-0075) and Ed25519, including the 14-byte offsets table.
+- The **vault account decoder** for every V5 layout combination (with/without pending withdrawal, with/without active session).
 - The **`buildSwigCreationBundle` structural lock**: ≥4 instructions, idempotent for the same `(identitySeed, hmacKey)`, distinct outputs for different inputs, the `settle_tab_voucher` Swig exec marker bytes match the on-chain discriminator.
 - The **counterfactual derivation** for a known seed.
 
@@ -184,7 +230,7 @@ npm test
 ```
                 ┌─────────────────────────────────┐
                 │  dexter-vault (Anchor program)  │  ← source of truth
-                │  12 discriminators, 3 layouts   │
+                │  V5: 21 discriminators, 3 layouts│
                 └────────────────┬────────────────┘
                                  │ defines bytes
                                  ▼
@@ -229,15 +275,15 @@ interface PasskeySigner {
 }
 ```
 
-`NodeEd25519Signer` ships at `@dexterai/vault/signers/node`. `BrowserPasskeySigner` is the v0.2 work — lifted from `dexter-fe`'s existing WebAuthn ceremony, it unlocks browser-buyer flows on dexter.cash and anywhere else a user pays through their passkey vault.
+`NodeEd25519Signer` ships at `@dexterai/vault/signers/node`. The browser passkey signer shipped in 0.2.0 as `WebAuthnAssertion` at `@dexterai/vault/signers/browser`: a pure-browser P-256 ceremony that runs `navigator.credentials.get()` and returns the three on-chain-ready buffers (64-byte compact lowS signature, raw `clientDataJSON`, raw `authenticatorData`), zero `fetch` calls. It implements the `PasskeySigner` interface; consumers compose it with their own server-policy adapter. This unlocks browser-buyer flows on dexter.cash and anywhere else a user pays through their passkey vault.
 
 ---
 
 ## Versioning
 
-`@dexterai/vault@0.1.x` is compatible with `dexter-vault` program version 2 (12 Anchor instructions; role 3 `ProgramExec` for `settle_tab_voucher` registered on every new Swig).
+The current SDK targets the `dexter-vault` V5 program (21 Anchor instructions; role 3 `ProgramExec` for `settle_tab_voucher` registered on every new Swig).
 
-Future program versions will bump the SDK major or document the delta in the CHANGELOG. The byte-parity tests are the structural lock — any layout change requires an explicit snapshot update.
+Future program versions will bump the SDK major or document the delta in the CHANGELOG. The byte-parity tests are the structural lock: any layout change requires an explicit snapshot update.
 
 ---
 

package/dist/connect/index.cjs

@@ -0,0 +1,455 @@
+"use strict";
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/connect/index.ts
+var connect_exports = {};
+__export(connect_exports, {
+  connectTab: () => connectTab,
+  decodeChallengeTo32Bytes: () => decodeChallengeTo32Bytes,
+  verifyConnectProof: () => verifyConnectProof
+});
+module.exports = __toCommonJS(connect_exports);
+
+// src/connect/verify.ts
+var import_web34 = require("@solana/web3.js");
+var import_node_crypto = require("crypto");
+
+// src/instructions/provePasskey.ts
+var import_web32 = require("@solana/web3.js");
+
+// src/constants/index.ts
+var import_web3 = require("@solana/web3.js");
+var DEXTER_VAULT_PROGRAM_ID = new import_web3.PublicKey(
+  "Hg3wRaydFtJhYrdvYrKECacpJYDsC9Px7yKmpncj2fhc"
+);
+var SWIG_PROGRAM_ID = new import_web3.PublicKey(
+  "swigypWHEksbC64pWKwah1WTeh9JXwx8H1rJHLdbQMB"
+);
+var SECP256R1_PROGRAM_ID = new import_web3.PublicKey(
+  "Secp256r1SigVerify1111111111111111111111111"
+);
+var ED25519_PROGRAM_ID = new import_web3.PublicKey(
+  "Ed25519SigVerify111111111111111111111111111"
+);
+var INSTRUCTIONS_SYSVAR_ID = new import_web3.PublicKey(
+  "Sysvar1nstructions1111111111111111111111111"
+);
+var VAULT_SEED_PREFIX = Buffer.from("vault");
+var LOCKED_CLAIM_SEED = Buffer.from("locked-claim");
+var DISCRIMINATORS = Object.freeze({
+  initialize_vault: Uint8Array.from([48, 191, 163, 44, 71, 129, 63, 164]),
+  set_swig: Uint8Array.from([253, 229, 89, 206, 192, 118, 137, 165]),
+  settle_voucher: Uint8Array.from([144, 176, 128, 220, 156, 79, 41, 54]),
+  request_withdrawal: Uint8Array.from([251, 85, 121, 205, 56, 201, 12, 177]),
+  finalize_withdrawal: Uint8Array.from([178, 87, 206, 68, 201, 186, 164, 232]),
+  force_release: Uint8Array.from([122, 190, 243, 252, 54, 202, 208, 234]),
+  rotate_passkey: Uint8Array.from([28, 134, 49, 89, 196, 34, 58, 174]),
+  rotate_dexter_authority: Uint8Array.from([145, 60, 4, 119, 180, 205, 236, 134]),
+  prove_passkey: Uint8Array.from([35, 175, 41, 143, 201, 118, 49, 184]),
+  settle_tab_voucher: Uint8Array.from([173, 22, 98, 31, 110, 129, 59, 161]),
+  register_session_key: Uint8Array.from([69, 94, 60, 44, 49, 199, 183, 233]),
+  revoke_session_key: Uint8Array.from([81, 192, 32, 110, 104, 116, 144, 151]),
+  lock_voucher: Uint8Array.from([91, 138, 5, 227, 119, 239, 48, 254]),
+  settle_locked_voucher: Uint8Array.from([44, 80, 216, 43, 247, 253, 101, 45]),
+  transfer_lock_ownership: Uint8Array.from([193, 13, 131, 134, 95, 25, 229, 157]),
+  recover_abandoned_lock: Uint8Array.from([169, 213, 107, 64, 229, 49, 43, 234]),
+  open_standby: Uint8Array.from([234, 184, 232, 135, 246, 191, 90, 250]),
+  draw_credit: Uint8Array.from([20, 84, 47, 211, 78, 117, 195, 210]),
+  repay_credit: Uint8Array.from([38, 113, 240, 182, 109, 179, 154, 245]),
+  seize_collateral: Uint8Array.from([40, 250, 7, 243, 168, 184, 116, 154]),
+  migrate_v4_to_v5: Uint8Array.from([226, 105, 140, 184, 101, 39, 235, 116])
+});
+var OTS_SESSION_REGISTER_V1_DOMAIN = (() => {
+  const buf = new Uint8Array(32);
+  buf.set(new TextEncoder().encode("OTS_SESSION_REGISTER_V1"), 0);
+  return buf;
+})();
+var OTS_SESSION_REGISTER_V2_DOMAIN = (() => {
+  const buf = new Uint8Array(32);
+  buf.set(new TextEncoder().encode("OTS_SESSION_REGISTER_V2"), 0);
+  return buf;
+})();
+var OTS_SESSION_REVOKE_V1_DOMAIN = (() => {
+  const buf = new Uint8Array(32);
+  buf.set(new TextEncoder().encode("OTS_SESSION_REVOKE_V1"), 0);
+  return buf;
+})();
+
+// src/instructions/provePasskey.ts
+function encodeBytesVec(buf) {
+  const out = Buffer.alloc(4 + buf.length);
+  out.writeUInt32LE(buf.length, 0);
+  Buffer.from(buf).copy(out, 4);
+  return out;
+}
+function encodeFixedBytes(buf, len) {
+  if (buf.length !== len) {
+    throw new Error(`expected ${len} bytes, got ${buf.length}`);
+  }
+  return Buffer.from(buf);
+}
+function buildProvePasskeyInstruction(p) {
+  const argsBuf = Buffer.concat([
+    encodeFixedBytes(p.challenge, 32),
+    encodeBytesVec(p.clientDataJSON),
+    encodeBytesVec(p.authenticatorData)
+  ]);
+  const data = Buffer.concat([Buffer.from(DISCRIMINATORS.prove_passkey), argsBuf]);
+  return new import_web32.TransactionInstruction({
+    programId: DEXTER_VAULT_PROGRAM_ID,
+    keys: [
+      { pubkey: p.vaultPda, isSigner: false, isWritable: false },
+      { pubkey: import_web32.SYSVAR_INSTRUCTIONS_PUBKEY, isSigner: false, isWritable: false }
+    ],
+    data
+  });
+}
+
+// src/precompile/secp256r1.ts
+var import_web33 = require("@solana/web3.js");
+var SIGNATURE_OFFSETS_SERIALIZED_SIZE = 14;
+var SIGNATURE_SERIALIZED_SIZE = 64;
+var COMPRESSED_PUBKEY_SERIALIZED_SIZE = 33;
+var PRECOMPILE_DATA_START = 2;
+function buildSecp256r1VerifyInstruction(publicKey, signature, message) {
+  if (publicKey.length !== COMPRESSED_PUBKEY_SERIALIZED_SIZE) {
+    throw new Error(`expected ${COMPRESSED_PUBKEY_SERIALIZED_SIZE}-byte pubkey`);
+  }
+  if (signature.length !== SIGNATURE_SERIALIZED_SIZE) {
+    throw new Error(`expected ${SIGNATURE_SERIALIZED_SIZE}-byte signature`);
+  }
+  const signatureOffset = PRECOMPILE_DATA_START + SIGNATURE_OFFSETS_SERIALIZED_SIZE;
+  const publicKeyOffset = signatureOffset + SIGNATURE_SERIALIZED_SIZE;
+  const messageOffset = publicKeyOffset + COMPRESSED_PUBKEY_SERIALIZED_SIZE;
+  const messageSize = message.length;
+  const totalLen = messageOffset + messageSize;
+  const data = Buffer.alloc(totalLen);
+  data[0] = 1;
+  data[1] = 0;
+  data.writeUInt16LE(signatureOffset, PRECOMPILE_DATA_START + 0);
+  data.writeUInt16LE(65535, PRECOMPILE_DATA_START + 2);
+  data.writeUInt16LE(publicKeyOffset, PRECOMPILE_DATA_START + 4);
+  data.writeUInt16LE(65535, PRECOMPILE_DATA_START + 6);
+  data.writeUInt16LE(messageOffset, PRECOMPILE_DATA_START + 8);
+  data.writeUInt16LE(messageSize, PRECOMPILE_DATA_START + 10);
+  data.writeUInt16LE(65535, PRECOMPILE_DATA_START + 12);
+  Buffer.from(signature).copy(data, signatureOffset);
+  Buffer.from(publicKey).copy(data, publicKeyOffset);
+  Buffer.from(message).copy(data, messageOffset);
+  return new import_web33.TransactionInstruction({
+    keys: [],
+    programId: SECP256R1_PROGRAM_ID,
+    data
+  });
+}
+async function buildPrecompileMessage(clientDataJSON, authenticatorData) {
+  const subtle = globalThis.crypto?.subtle;
+  let clientDataHash;
+  if (subtle) {
+    const buf = await subtle.digest("SHA-256", clientDataJSON);
+    clientDataHash = new Uint8Array(buf);
+  } else {
+    const { createHash: createHash2 } = await import("crypto");
+    clientDataHash = createHash2("sha256").update(clientDataJSON).digest();
+  }
+  const out = new Uint8Array(authenticatorData.length + 32);
+  out.set(authenticatorData, 0);
+  out.set(clientDataHash, authenticatorData.length);
+  return out;
+}
+
+// src/connect/verify.ts
+function decodeChallengeTo32Bytes(challenge) {
+  const decoded = tryBase64urlDecode(challenge);
+  if (decoded && decoded.length === 32) return decoded;
+  return new Uint8Array((0, import_node_crypto.createHash)("sha256").update(challenge, "utf8").digest());
+}
+function tryBase64urlDecode(s) {
+  if (!/^[A-Za-z0-9\-_]+={0,2}$/.test(s)) return null;
+  try {
+    return new Uint8Array(Buffer.from(s, "base64url"));
+  } catch {
+    return null;
+  }
+}
+async function verifyConnectProof(args) {
+  const { connection, challenge, proof } = args;
+  try {
+    const challengeBytes = decodeChallengeTo32Bytes(challenge);
+    const vaultPda = new import_web34.PublicKey(proof.vault);
+    const precompileMessage = await buildPrecompileMessage(
+      proof.clientDataJSON,
+      proof.authenticatorData
+    );
+    const ix0 = buildSecp256r1VerifyInstruction(
+      proof.passkeyPubkey,
+      proof.signature,
+      precompileMessage
+    );
+    const ix1 = buildProvePasskeyInstruction({
+      vaultPda,
+      challenge: challengeBytes,
+      clientDataJSON: proof.clientDataJSON,
+      authenticatorData: proof.authenticatorData
+    });
+    const tx = new import_web34.Transaction();
+    tx.add(ix0, ix1);
+    tx.feePayer = vaultPda;
+    tx.recentBlockhash = import_web34.PublicKey.default.toBase58();
+    const simulate = args.simulate ?? ((t) => connection.simulateTransaction(t, void 0, false));
+    const res = await simulate(tx);
+    const err = res?.value?.err ?? null;
+    if (err === null) {
+      return { ok: true, vault: vaultPda };
+    }
+    return { ok: false, reason: `simulation rejected: ${stringifyErr(err)}` };
+  } catch (e) {
+    return { ok: false, reason: e instanceof Error ? e.message : String(e) };
+  }
+}
+function stringifyErr(err) {
+  try {
+    return JSON.stringify(err);
+  } catch {
+    return String(err);
+  }
+}
+
+// src/signers/browser/index.ts
+var WebAuthnAssertionError = class extends Error {
+  code;
+  constructor(code, message) {
+    super(message);
+    this.code = code;
+    this.name = "WebAuthnAssertionError";
+  }
+};
+var WebAuthnAssertion = class {
+  credentialId;
+  publicKeyBase64;
+  rpId;
+  allowCredentials;
+  timeoutMs;
+  userVerification;
+  constructor(config) {
+    if (!(config.credentialId instanceof Uint8Array) || config.credentialId.length === 0) {
+      throw new WebAuthnAssertionError(
+        "invalid_credential_id",
+        "credentialId must be a non-empty Uint8Array"
+      );
+    }
+    this.credentialId = config.credentialId;
+    this.publicKeyBase64 = config.publicKeyBase64;
+    this.rpId = config.rpId;
+    this.allowCredentials = config.allowCredentials && config.allowCredentials.length > 0 ? config.allowCredentials : [{ id: config.credentialId }];
+    this.timeoutMs = config.timeoutMs ?? 6e4;
+    this.userVerification = config.userVerification ?? "preferred";
+  }
+  /**
+   * Run `navigator.credentials.get()` over `challenge` and return the
+   * three on-chain-ready buffers.
+   *
+   * The caller is responsible for what `challenge` *is*. For the vault
+   * program, this is typically `sha256(opMessage)` minted server-side
+   * with replay defense (see DexterApiBrowserPasskeySigner). The SDK
+   * does not impose policy here.
+   */
+  async assertOver(challenge) {
+    ensureBrowser();
+    if (!(challenge instanceof Uint8Array) || challenge.length === 0) {
+      throw new WebAuthnAssertionError(
+        "invalid_challenge",
+        "challenge must be a non-empty Uint8Array"
+      );
+    }
+    const requestOptions = {
+      challenge: toBufferSource(challenge),
+      allowCredentials: this.allowCredentials.map((c) => ({
+        id: toBufferSource(c.id),
+        type: "public-key",
+        transports: c.transports
+      })),
+      timeout: this.timeoutMs,
+      userVerification: this.userVerification,
+      ...this.rpId ? { rpId: this.rpId } : {}
+    };
+    const credential = await navigator.credentials.get({
+      publicKey: requestOptions
+    });
+    if (!credential) {
+      throw new WebAuthnAssertionError(
+        "user_cancelled",
+        "no assertion returned from authenticator"
+      );
+    }
+    if (credential.type !== "public-key") {
+      throw new WebAuthnAssertionError(
+        "credential_invalid",
+        `unexpected credential type: ${credential.type}`
+      );
+    }
+    const assertion = credential.response;
+    const derSignature = new Uint8Array(assertion.signature);
+    const compactSignature = derSignatureToCompactLowS(derSignature);
+    return {
+      signature: compactSignature,
+      signatureDer: derSignature,
+      clientDataJSON: new Uint8Array(assertion.clientDataJSON),
+      authenticatorData: new Uint8Array(assertion.authenticatorData)
+    };
+  }
+  /**
+   * `PasskeySigner` shape — alias for `assertOver`. Consumers that want
+   * to type against `PasskeySigner` (e.g. dexter-fe's
+   * `DexterApiBrowserPasskeySigner`) call `.sign(challenge)`; consumers
+   * that want the explicit name call `.assertOver(challenge)`. Same
+   * function, two names.
+   */
+  sign(challenge) {
+    return this.assertOver(challenge);
+  }
+};
+function ensureBrowser() {
+  if (typeof globalThis === "undefined" || typeof globalThis.navigator === "undefined") {
+    throw new WebAuthnAssertionError(
+      "not_browser",
+      "WebAuthnAssertion requires a browser environment (navigator.credentials)"
+    );
+  }
+  const cred = globalThis.navigator.credentials;
+  if (!cred || typeof cred.get !== "function") {
+    throw new WebAuthnAssertionError(
+      "webauthn_unsupported",
+      "this environment does not implement navigator.credentials.get"
+    );
+  }
+}
+function toBufferSource(bytes) {
+  const out = new ArrayBuffer(bytes.length);
+  new Uint8Array(out).set(bytes);
+  return out;
+}
+var P256_ORDER = BigInt(
+  "0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551"
+);
+var P256_HALF_ORDER = P256_ORDER >> BigInt(1);
+function bigintFromBytes(buf) {
+  let n = 0n;
+  for (const byte of buf) n = n << 8n | BigInt(byte);
+  return n;
+}
+function bytesFromBigint(n, length) {
+  const out = new Uint8Array(length);
+  for (let i = length - 1; i >= 0; i -= 1) {
+    out[i] = Number(n & 0xffn);
+    n >>= 8n;
+  }
+  return out;
+}
+function derSignatureToCompactLowS(der) {
+  let i = 0;
+  if (der[i++] !== 48) {
+    throw new WebAuthnAssertionError("bad_signature", "expected DER SEQUENCE");
+  }
+  i++;
+  if (der[i++] !== 2) {
+    throw new WebAuthnAssertionError("bad_signature", "expected r INTEGER");
+  }
+  const rLen = der[i++];
+  if (rLen === void 0) {
+    throw new WebAuthnAssertionError("bad_signature", "truncated DER (no r length)");
+  }
+  let r = der.slice(i, i + rLen);
+  i += rLen;
+  if (der[i++] !== 2) {
+    throw new WebAuthnAssertionError("bad_signature", "expected s INTEGER");
+  }
+  const sLen = der[i++];
+  if (sLen === void 0) {
+    throw new WebAuthnAssertionError("bad_signature", "truncated DER (no s length)");
+  }
+  let s = der.slice(i, i + sLen);
+  i += sLen;
+  if (r.length > 32 && r[0] === 0) r = r.slice(1);
+  if (s.length > 32 && s[0] === 0) s = s.slice(1);
+  if (r.length > 32 || s.length > 32) {
+    throw new WebAuthnAssertionError(
+      "bad_signature",
+      "DER component too large for P-256"
+    );
+  }
+  const rPadded = new Uint8Array(32);
+  rPadded.set(r, 32 - r.length);
+  let sN = bigintFromBytes(s);
+  if (sN > P256_HALF_ORDER) sN = P256_ORDER - sN;
+  const sPadded = bytesFromBigint(sN, 32);
+  const out = new Uint8Array(64);
+  out.set(rPadded, 0);
+  out.set(sPadded, 32);
+  return out;
+}
+
+// src/connect/ceremony.ts
+var SIWX_LOGIN_PREFIX = "siwx_login";
+async function connectTab(args) {
+  const challengeBytes = decodeChallengeTo32Bytes(args.challenge);
+  const prefix = new TextEncoder().encode(SIWX_LOGIN_PREFIX);
+  const opMessage = new Uint8Array(prefix.length + challengeBytes.length);
+  opMessage.set(prefix, 0);
+  opMessage.set(challengeBytes, prefix.length);
+  const signedDigest = await sha256(opMessage);
+  const signer = new WebAuthnAssertion({
+    credentialId: args.credentialId,
+    ...args.rpId ? { rpId: args.rpId } : {}
+  });
+  const assertion = await signer.assertOver(signedDigest);
+  return {
+    passkeyPubkey: args.passkeyPubkey,
+    vault: args.vault,
+    clientDataJSON: assertion.clientDataJSON,
+    authenticatorData: assertion.authenticatorData,
+    signature: assertion.signature
+    // 64-byte compact lowS r||s
+  };
+}
+async function sha256(data) {
+  const subtle = globalThis.crypto?.subtle;
+  if (subtle) {
+    const buf = await subtle.digest("SHA-256", data);
+    return new Uint8Array(buf);
+  }
+  const { createHash: createHash2 } = await import("crypto");
+  return new Uint8Array(createHash2("sha256").update(data).digest());
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  connectTab,
+  decodeChallengeTo32Bytes,
+  verifyConnectProof
+});